CVE-2003-1438
BEA WebLogic Server 5.1-7.0.0.1 - Unprotected User Data Exposure via Session Replication Race Condition
Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
References (4)
Core References (4)
Patch; vendor-advisory; x_refsource_bea: http://dev.bea.com/resourcelibrary/advisoriesnotifications/BEA03-26.01.jsp
Third Party Advisory, VDB Entry; vdb-entry; x_refsource_sectrack: http://www.securitytracker.com/id?1006018
Third Party Advisory, VDB Entry; vdb-entry; x_refsource_bid: http://www.securityfocus.com/bid/6717
Third Party Advisory, VDB Entry; vdb-entry; x_refsource_xf: https://exchange.xforce.ibmcloud.com/vulnerabilities/11221
Scores
EPSS: 0.0025
EPSS Percentile: 48.7%
Details
CWE: CWE-362
Status: published
Products (5)
bea/weblogic_server 5.1
bea/weblogic_server 6.0
bea/weblogic_server 6.1
bea/weblogic_server 7.0
bea/weblogic_server 7.0.0.1
Published: Dec 31, 2003
Tracked Since: Feb 18, 2026